Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue/Security: HASS.Agent Installs vulnerable driver #163

Open
2 tasks done
leankuroneko opened this issue Sep 22, 2024 · 2 comments
Open
2 tasks done

Issue/Security: HASS.Agent Installs vulnerable driver #163

leankuroneko opened this issue Sep 22, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@leankuroneko
Copy link

leankuroneko commented Sep 22, 2024
edited
Loading

Describe the bug
After installing HASS.Agent, ESET Endpoint Security raised an alert and quarantined the file inpoutx64.sys for being potentially unsafe

Searching about this I found in the ESET Forum that although not infected this file has vulnerabilities that can be used in Privilege Escalation (further investigation). This concern was also raised in MalwareTips and in a Windows Community post where it's mentioned to be blocked by Riot's Anti Cheat Engine.

Maintainer: Personally I haven't used the thing myself for about 7 years
https://forums.highrez.co.uk/viewtopic.php?p=17167&sid=c775cbad2219955de63ce2821f17cbd5#p17167

Footer: The Author makes no guarantee that this software is free from bugs and will not harm your system.
https://highrez.co.uk/

I'd suggest its removal or replacement since given it seems abandoned

Screenshots
image

Scan Module: Real-Time File System Protection
Object: C:\WINDOWS\system32\Drivers\inpoutx64.sys
Detection: Win64/HighRez.A (Potentially Unsafe Application)
User: NT AUTHORITY\SYSTEM
Information: An event occurred in a new file created by the application: C:\Program Files\HASS.Agent\Service\HASS.AgentSatelliteService.exe (4E72406DE7447604BB86085F5DDAFAB8BAOB57C5).
Hash: 6AFC6B04CF73DD461E4A4956365F25C1F1162387

Misc info (please complete the following information):

  • Windows build: 23H2 (22631.4169)
  • Windows' UI language: es_AR
  • HASS.Agent version: 2.0.1
  • ESET Endpoint Security: 11.1.2039.2 (Detection engine: 29912)

Please check what's applicable (multiple answers possible):

  • Installed via installer
  • Problem occurs in HASS.Agent
@leankuroneko leankuroneko added the bug Something isn't working label Sep 22, 2024
@amadeo-alex amadeo-alex changed the title Security: HASS.Agent Installs vulnerable driver Issue/Security: HASS.Agent Installs vulnerable driver Sep 22, 2024
@amadeo-alex
Copy link
Collaborator

amadeo-alex commented Sep 22, 2024
edited
Loading

Thank you for the information! Looks like the next release after 2.1.0 will be a security themed one.
I'll have quite more time next week (starting tmrw) to work on HASS.Agent so I'll take a deeper dive to investigate this.

@patrickdickey52761
Copy link

I'm having a similar issue with the Satellite Service driver. As soon as I finished the installation, Avast blocked the driver. On their end, the only way to allow the driver is to turn off the protection completely (which is a bug in their program, IMHO). Here's a screenshot of the warning message. I'm adding it to this as opposed to creating a new issue because it's related to the underlying issue of potentially unsafe drivers/code being used.

Have a great day. :)
Patrick.
AvastWarningDriver

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@patrickdickey52761 @leankuroneko @amadeo-alex